From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Thu, 06 Nov 2008 10:06:46 -0500 Subject: [refpolicy] dbus, inotify In-Reply-To: <48DB87CD.1090406@martinorr.name> References: <48DB87CD.1090406@martinorr.name> Message-ID: <1225984006.12285.11.camel@gorn.columbia.tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Thu, 2008-09-25 at 13:45 +0100, Martin Orr wrote: > Let *_dbusd_t list inotifyfs. > > Aug 20 12:23:52 caligula kernel: type=1400 audit(1219231432.671:4): avc: > denied { read } for pid=2646 comm="dbus-daemon" path="inotify" > dev=inotifyfs ino=1 scontext=system_u:system_r:system_dbusd_t:s0 > tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir Merged. > Index: policy/modules/services/dbus.if > =================================================================== > --- policy/modules/services/dbus.if.orig > +++ policy/modules/services/dbus.if > @@ -139,6 +139,7 @@ > > fs_getattr_romfs($1_dbusd_t) > fs_getattr_xattr_fs($1_dbusd_t) > + fs_list_inotifyfs($1_dbusd_t) > > selinux_get_fs_mount($1_dbusd_t) > selinux_validate_context($1_dbusd_t) > -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150
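Review bot: the added `fs_list_inotifyfs($1_dbusd_t)` line in the `@@ -139,6 +139,7 @@` hunk of policy/modules/services/dbus.if is keyed on `$1`, so it is granted to every `*_dbusd_t` domain, while the only denial quoted is for `system_dbusd_t` (`{ read }` on `tclass=dir`, `dev=inotifyfs`). Suggest either stating in the description that the other `*_dbusd_t` instances hit the same denial, or scoping the rule to `system_dbusd_t` so the grant is no wider than the logged evidence. A one-line comment above the call saying why dbus-daemon reads the inotify directory would also help later audits of this interface.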